I chose a 1 GB package. The package is $20 every month, and the annual fee is reduced by 10%. The actual payment of $230.21 is equivalent to more than 1400 RMB. Linode1GB Operating System: CentOSLinux6.264bit running environment: Nginx + PHP + MySQL preparation compiling environment deployment: It is very dangerous to enable the compiling environment on the server. To ensure security, I use a virtual machine
I chose a 1 GB package. The package is $20 every month, and the annual fee is reduced by 10%. The actual payment of $230.21 is equivalent to more than 1400 RMB. Linode 1 GB Operating System: CentOS Linux 6.2 64bit running environment: Nginx + PHP + MySQL preparation compiling environment deployment: It is very dangerous to enable the compiling environment on the server, to ensure security, I use a virtual machine.
I chose a 1 GB package. The package is $20 every month, and the annual fee is reduced by 10%. The actual payment of $230.21 is equivalent to more than 1400 RMB.
Linode 1 GB
Operating System: CentOS Linux 6.2 64bit
Running Environment: Nginx + PHP + MySQL
Preparations
Compiling environment deployment:
It is very dangerous to enable the compiling environment on the server. To ensure security, I use a virtual machine to compile the program. After compilation, I can deploy the program to the server.
Download and install CentOS 6.2 64bit Based on the VPS operating system. Because it is only a compilation machine, you only need to install the Minimal version. The download speed is several hundred MB.
Historical ISO files can be found in the http://vault.centos.org.
The Minimal version does not automatically start the network after it is installed. You need to perform the following operations:
Run commands
dhclient -v eth0
Modify file/etc/sysconfig/network-scripts/ifcfg-eth0
Add a line at the end of the file
BOOTPROTO = "dhcp"
Change ONBOOT = "no" to ONBOOT = "yes"
In this way, the network will be automatically connected after startup.
After logging on to the/root directory with root, create two directories: packages and build, which are respectively used to place the installation package and program directories after decompression.
# Installation
yum install gcc makecdmkdir packages build
Create user
groupadd -g 500 www && useradd -g 500 -m -u 500 wwwgroupadd -g 501 Hessian && useradd -g 501 -m -u 501 Hessiangroupadd -g 27 mysql && useradd -d /www/database -M -g 27 -u 27 mysql
Environment Variable
Modify the/etc/profile file and add the following content to the end of the file.
PATH=$PATH:/opt/mysql/binPATH=$PATH:/opt/php/binPATH=$PATH:/opt/nginx/sbin
Run:./etc/profile
(Do not omit spaces in the middle)
Nginx
: Http://nginx.org/en/download.html
1. Download
cd ~/packageswget http://nginx.org/download/nginx-1.4.1.tar.gz
2. Extract
cd ~/buildtar -zxf ~/packages/nginx-1.4.1.tar.gz
3. Solve Dependencies
yum install pcre-develyum install zlib-devel
3. Compile
cd nginx-1.4.1./configure --prefix=/opt/nginx-1.4.1 --with-pcre --with-openssl=/usrmake -j 2 && make install
MySQL
: Http://dev.mysql.com/downloads/mysql
Here I chose the Binary Package.
Linux-Generic (glibc 2.5) (x86, 64-bit), Compressed TAR Archive
Mysql-5.6.11-linux-glibc2.5-x86_64.tar.gz
Download and decompress the package.
PHP
Although YUM provides PHP, I chose to compile it myself for performance and personal needs.
The PHP version I used is 5.3. I don't know if 5.4 will bring any compatibility issues.
: Http://cn2.php.net/get/php-5.3.24.tar.bz2/from/a/mirror
1. Download
cd ~/packageswget http://cn2.php.net/get/php-5.3.24.tar.bz2/from/this/mirror
2. Extract
cd ~/buildtar -zjf ~/packages/php-5.3.24.tar.gz
3. Solve Dependencies
yum install libxml2-develyum install libcurl-develyum install libjpeg-develyum install libpng-develyum install freetype-develyum install autoconf
Libmcrypt is not in yum. It can be downloaded from EPEL.
EPEL (Extra Packages for Enterprise Linux) is a program created by the Fedora community to provide high-quality software Packages for RHEL and its derivative releases, such as CentOS and Scientific Linux.
Install
rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/libmcrypt-2.5.8-9.el6.x86_64.rpmrpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/libmcrypt-devel-2.5.8-9.el6.x86_64.rpm
3. Compile
cd php-5.3.24./configure --prefix=/opt/php-5.3.24 \--with-config-file-path=/opt/php \--with-mysql=mysqlnd \--with-mysql-sock=/tmp/mysql.sock \--with-iconv-dir=/usr \--enable-xml \--with-libxml-dir \--disable-rpath \--enable-safe-mode \--enable-inline-optimization \--with-curl \--enable-mbregex \--with-gd \--enable-zip \--enable-sockets \--enable-mbstring=all \--with-mcrypt \--enable-gd-native-ttf \--with-freetype-dir=/usr \--with-jpeg-dir=/usr \--with-png-dir=/usr\--with-pdo-mysql=mysqlnd \--without-pdo-sqlite \--enable-fpm \--enable-climake -j2make install
4. Compilation Extension
Subsequent steps
cd /optln -s mysql-5.6.11-linux-glibc2.5-x86_64 mysqlln -s nginx-1.4.1 nginxln -s php-5.3.24 phptar -czf servers.tar.gz *
Upload the config file STARTUP script and servers.tar.gz to the server, decompress it to/opt, and place the configuration file and startup script.
VPS Installation Steps
Resolve Dependencies
rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/libmcrypt-2.5.8-9.el6.x86_64.rpmyum install libpng libjpeg freetypeyum install svn
Create user
groupadd -g 500 www && useradd -g 500 -m -u 500 wwwgroupadd -g 501 Hessian && useradd -g 501 -m -u 501 Hessiangroupadd -g 27 mysql && useradd -d /www/database -M -g 27 -u 27 mysql
Upload and decompress
Place servers.tar.gz, configuration file, and startup script on the server
tar -zxf servers.tar.gz -C /opt tar -zxf init-scripts.tar.gz -C /etc/init.d
Add Service
chkconfig --add nginxchkconfig --add mysqlchkconfig --add php-fpm
Create a Resource Directory
mkdir /wwwmkdir /www/databasemkdir /www/logsmkdir /www/svn-repos
Adjust Directory Permissions
chown www:www -R /wwwchown mysql:mysql -R /www/database
Environment Variable
Modify the/etc/profile file and add the following content to the end of the file.
PATH=$PATH:/opt/mysql/binPATH=$PATH:/opt/php/binPATH=$PATH:/opt/nginx/sbin
Run:./etc/profile
(Do not omit spaces in the middle)
Security Settings
SSH settings:
Modify/etc/ssh/sshd_config
1. disable root login: PermitRootLogin no
2. Disable Password Logon: PasswordAuthentication no
3. enable key login:
RSAAuthentication yesPubkeyAuthentication yesAuthorizedKeysFile .ssh/authorized_keys
Add the public key to. ssh/authorized_keys on the server. For details about how to generate the key and set it, refer:
Http://stevenz.blog.hexun.com/15798089_d.html
On the client, you can directly add the public key to the server using the following command:
cat??~/.ssh/id_rsa.pub | ssh?zhaoy@192.168.1.1?"cat - >> ~/.ssh/authorized_keys"
Restart sshd after execution.
service sshd restart
If you cannot log on, you can view the security log/var/log/secure to determine the cause of the problem.
Firewall settings:
Create the/etc/sysconfig/iptables file and add the following content:
*filter:INPUT ACCEPT [0:0]:FORWARD ACCEPT [0:0]:OUTPUT ACCEPT [0:0]-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT-A INPUT -p icmp -j ACCEPT-A INPUT -i lo -j ACCEPT-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT-A INPUT -m state --state NEW -m tcp -p tcp --dport 3690 -j ACCEPT-A INPUT -j REJECT --reject-with icmp-host-prohibited-A FORWARD -j REJECT --reject-with icmp-host-prohibitedCOMMIT
Only port 22, port 80, and port 3690 are opened. If there are other ports, you can add them by reference.
Original article address: Linode LNMP server environment configuration notes. Thank you for sharing them with me.